Vulnerability Details CVE-2022-45195
SimpleXMQ before 3.4.0, as used in SimpleX Chat before 4.2, does not apply a key derivation function to intended data, which can interfere with forward secrecy and can have other impacts if there is a compromise of a single private key. This occurs in the X3DH key exchange for the double ratchet protocol.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 30.5%
CVSS Severity
CVSS v3 Score 5.3
References
- https://github.com/simplex-chat/simplexmq/compare/v3.3.0...v3.4.0
- https://github.com/simplex-chat/simplexmq/pull/548
- https://github.com/trailofbits/publications/blob/master/reviews/SimpleXChat.pdf
- https://simplex.chat/blog/20221108-simplex-chat-v4.2-security-audit-new-website.html
- https://github.com/simplex-chat/simplexmq/compare/v3.3.0...v3.4.0
- https://github.com/simplex-chat/simplexmq/pull/548
- https://github.com/trailofbits/publications/blob/master/reviews/SimpleXChat.pdf
- https://simplex.chat/blog/20221108-simplex-chat-v4.2-security-audit-new-website.html
Products affected by CVE-2022-45195
-
cpe:2.3:a:simplex:simplex_chat:0.1.0
-
cpe:2.3:a:simplex:simplex_chat:0.2.0
-
cpe:2.3:a:simplex:simplex_chat:0.2.1
-
cpe:2.3:a:simplex:simplex_chat:0.2.2
-
cpe:2.3:a:simplex:simplex_chat:0.3.0
-
cpe:2.3:a:simplex:simplex_chat:0.3.1
-
cpe:2.3:a:simplex:simplex_chat:0.4.0
-
cpe:2.3:a:simplex:simplex_chat:0.4.1
-
cpe:2.3:a:simplex:simplex_chat:0.4.2
-
cpe:2.3:a:simplex:simplex_chat:0.5.0
-
cpe:2.3:a:simplex:simplex_chat:0.5.1
-
cpe:2.3:a:simplex:simplex_chat:0.5.2
-
cpe:2.3:a:simplex:simplex_chat:0.5.3
-
cpe:2.3:a:simplex:simplex_chat:0.5.4
-
cpe:2.3:a:simplex:simplex_chat:0.5.5
-
cpe:2.3:a:simplex:simplex_chat:1.0.0
-
cpe:2.3:a:simplex:simplex_chat:1.0.1
-
cpe:2.3:a:simplex:simplex_chat:1.1.0
-
cpe:2.3:a:simplex:simplex_chat:1.1.1
-
cpe:2.3:a:simplex:simplex_chat:1.2.0
-
cpe:2.3:a:simplex:simplex_chat:1.2.1
-
cpe:2.3:a:simplex:simplex_chat:1.3.0
-
cpe:2.3:a:simplex:simplex_chat:1.3.1
-
cpe:2.3:a:simplex:simplex_chat:1.3.2
-
cpe:2.3:a:simplex:simplex_chat:1.3.3
-
cpe:2.3:a:simplex:simplex_chat:1.4.0
-
cpe:2.3:a:simplex:simplex_chat:1.4.1
-
cpe:2.3:a:simplex:simplex_chat:1.5.0
-
cpe:2.3:a:simplex:simplex_chat:1.6.0
-
cpe:2.3:a:simplex:simplex_chat:2.0.0
-
cpe:2.3:a:simplex:simplex_chat:2.0.1
-
cpe:2.3:a:simplex:simplex_chat:2.1.0
-
cpe:2.3:a:simplex:simplex_chat:2.2.0
-
cpe:2.3:a:simplex:simplex_chat:3.0.0
-
cpe:2.3:a:simplex:simplex_chat:3.0.1
-
cpe:2.3:a:simplex:simplex_chat:3.1.0
-
cpe:2.3:a:simplex:simplex_chat:3.2.0
-
cpe:2.3:a:simplex:simplex_chat:3.2.1
-
cpe:2.3:a:simplex:simplex_chat:4.0.0
-
cpe:2.3:a:simplex:simplex_chat:4.0.1
-
cpe:2.3:a:simplex:simplex_chat:4.1.0
-
cpe:2.3:a:simplex:simplex_chat:4.1.1
-
cpe:2.3:a:simplex:simplexmq:0.1.0
-
cpe:2.3:a:simplex:simplexmq:0.2.0
-
cpe:2.3:a:simplex:simplexmq:0.3.0
-
cpe:2.3:a:simplex:simplexmq:0.3.1
-
cpe:2.3:a:simplex:simplexmq:0.3.2
-
cpe:2.3:a:simplex:simplexmq:0.4.0
-
cpe:2.3:a:simplex:simplexmq:0.4.1
-
cpe:2.3:a:simplex:simplexmq:0.5.0
-
cpe:2.3:a:simplex:simplexmq:0.5.1
-
cpe:2.3:a:simplex:simplexmq:0.5.2
-
cpe:2.3:a:simplex:simplexmq:1.0.0
-
cpe:2.3:a:simplex:simplexmq:1.0.1
-
cpe:2.3:a:simplex:simplexmq:1.0.2
-
cpe:2.3:a:simplex:simplexmq:1.0.3
-
cpe:2.3:a:simplex:simplexmq:1.1.0
-
cpe:2.3:a:simplex:simplexmq:2.0.0
-
cpe:2.3:a:simplex:simplexmq:2.1.0
-
cpe:2.3:a:simplex:simplexmq:2.1.1
-
cpe:2.3:a:simplex:simplexmq:2.2.0
-
cpe:2.3:a:simplex:simplexmq:2.2.1
-
cpe:2.3:a:simplex:simplexmq:2.3.0
-
cpe:2.3:a:simplex:simplexmq:2.3.1
-
cpe:2.3:a:simplex:simplexmq:3.0.0
-
cpe:2.3:a:simplex:simplexmq:3.0.1
-
cpe:2.3:a:simplex:simplexmq:3.1.0
-
cpe:2.3:a:simplex:simplexmq:3.1.1
-
cpe:2.3:a:simplex:simplexmq:3.1.2
-
cpe:2.3:a:simplex:simplexmq:3.1.3
-
cpe:2.3:a:simplex:simplexmq:3.2.0
-
cpe:2.3:a:simplex:simplexmq:3.3.0
-
cpe:2.3:a:simplex:simplexmq:3.3.1